All read only machine learning operations, such as getting information about datafeeds, jobs,
model snapshots, or results.

monitor_watcher

All read only watcher operations, such as getting a watch and watcher stats.

manage

Builds on monitor and adds cluster operations that change values in the cluster.
This includes snapshotting, updating settings, and rerouting. It also includes
obtaining snapshot and restore status. This privilege does not include the
ability to manage security.

manage_index_templates

All operations on index templates.

manage_ml

All machine learning operations, such as creating and deleting datafeeds, jobs, and model
snapshots.

Datafeeds that were created prior to version 6.2 or created when X-Pack security
was disabled run as a system user with elevated privileges, including permission
to read all indices. Newer datafeeds run with the security roles of the user who created
or updated them.

manage_pipeline

All operations on ingest pipelines.

manage_security

All security related operations such as CRUD operations on users and roles and
cache clearing.

manage_watcher

All watcher operations, such as putting watches, executing, activate or acknowledging.

Watches that were created prior to version 6.1 or created when X-Pack security
was disabled run as a system user with elevated privileges, including permission
to read and write all indices. Newer watches run with the security roles of the user
who created or updated them.

transport_client

All privileges necessary for a transport client to connect. Required by the remote
cluster to enable Cross Cluster Search.

Indices Privileges

all

Any action on an index

monitor

All actions that are required for monitoring (recovery, segments info, index
stats and status).

Privilege to index and update documents. Also grants access to the update
mapping action.

create

Privilege to index documents. Also grants access to the update mapping
action.

This privilege does not restrict the index operation to the creation
of documents but instead restricts API use to the index API. The index API allows a user
to overwrite a previously indexed document.

delete

Privilege to delete documents.

write

Privilege to perform all write operations to documents, which includes the
permission to index, update, and delete documents as well as performing bulk
operations. Also grants access to the update mapping action.

delete_index

Privilege to delete an index.

create_index

Privilege to create an index. A create index request may contain aliases to be
added to the index once created. In that case the request requires the manage
privilege as well, on both the index and the aliases names.

Run As Privilege

The run_as permission enables an authenticated user to submit requests on
behalf of another user. The value can be a user name or a comma-separated list
of user names. (You can also specify users as an array of strings or a YAML
sequence.) For more information, see
Submitting Requests on Behalf of Other Users.